Lucene search
K

350 matches found

CVE
CVE
added 2026/02/26 3:4 p.m.16 views

CVE-2026-26207

CVE-2026-26207 affects Discourse with the discourse-policy plugin. Prior to versions 2025.12.2, 2026.1.1 and 2026.2.0, PolicyController loads posts by ID without verifying the current user’s visibility, allowing authenticated users to interact with policies on posts they cannot view and to enumer...

5.4CVSS5.6AI score0.00151EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/25 9:23 p.m.4 views

GHSA-WXX7-MCGF-J869 n8n has Potential Remote Code Execution via Merge Node

Impact An authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. Patches The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to...

9.9CVSS6.4AI score0.00765EPSS
Exploits0References6
OSV
OSV
added 2026/02/25 2:2 a.m.6 views

CVE-2026-25135 OpenEMR's location resource for Group.$export operation returns entire patient/user population contact information

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

4.5CVSS5.5AI score0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/24 9:15 p.m.3 views

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2026/02/24 9:15 p.m.5 views

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

7.5CVSS5.3AI score0.00362EPSS
Exploits0
NVD
NVD
added 2026/02/21 8:16 a.m.8 views

CVE-2026-27464

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...

7.7CVSS0.00257EPSS
Exploits0References3
OSV
OSV
added 2026/02/19 8:25 p.m.6 views

UBUNTU-CVE-2026-26278

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...

7.5CVSS5.8AI score0.00811EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/28 7:17 p.m.6 views

EUVD-2025-206428

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 7:17 p.m.31 views

CVE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9CVSS0.00135EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 7:17 p.m.16 views

CVE-2025-68933

CVE-2025-68933 (Discourse) is a broken access control vulnerability affecting Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Non-admin moderators with the moderators_change_post_ownership setting enabled can change ownership of posts in private messages and restricted cate...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/28 6:21 p.m.6 views

EUVD-2025-206450

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

4.6CVSS5.8AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 6:21 p.m.4 views

CVE-2025-67723 Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

4.6CVSS5.8AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 5:13 p.m.78 views

CVE-2026-22259

CVE-2026-22259 affects Suricata’s DNP3 parser. Before versions 8.0.3 and 7.0.14, specially crafted DNP3 traffic can cause unbounded memory growth during parsing, leading to slowed performance and potential OOM-killer termination. A fix is included in Suricata 8.0.3 and 7.0.14. If upgrading is not...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memo...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/30 8:41 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when the frontend.enableExecuteMultiOperation is enabled. An attacker can circumvent namespace-specific validation and feature gates by setting the embedded StartWorkflowExecutionRequest's namespace field to a...

5.3CVSS6.8AI score0.00415EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-64332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 an...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References3
NVD
NVD
added 2025/11/26 11:15 p.m.14 views

CVE-2025-64332

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...

7.5CVSS0.0032EPSS
Exploits0References2
NVD
NVD
added 2025/11/26 11:15 p.m.6 views

CVE-2025-64335

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...

7.5CVSS0.00359EPSS
Exploits0References4
OSV
OSV
added 2025/11/26 11:15 p.m.4 views

UBUNTU-CVE-2025-64335

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...

7.5CVSS5.6AI score0.00359EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/11/26 10:59 p.m.7 views

CVE-2025-64332

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...

7.5CVSS5.3AI score0.0032EPSS
Exploits0
Rows per page
Query Builder